Solved: understanding of aaa authorization command level

jemekeren · ‎05-06-2007

is it true aaa authorization command level will only check tacacs server and check only associated with user. using aaa authorization must require the aaa authentication login because that is how acs know how to associate the user and command he/she allowed to execute. in other words by using only aaa authorization will confuse the router. tx for answering :)

royalblues · ‎05-06-2007

AAA authentication is required for authorising a user from tacacs with a certain privilge level.

This can be done in 2 ways.

Define the Shell privilge level for each user in TACACS and have the commands for the that privilege level locally on every device.

Second and the recommended method is use shell authorization sets in TACACS. In this case the privilege level is set to 15 but the command are limited to what you have configured on the shell authorization sets.

Have a look at the attachment

HTH, rate if it does

Narayan

View solution in original post

royalblues · ‎05-06-2007

AAA authentication is required for authorising a user from tacacs with a certain privilge level.

This can be done in 2 ways.

Define the Shell privilge level for each user in TACACS and have the commands for the that privilege level locally on every device.

Second and the recommended method is use shell authorization sets in TACACS. In this case the privilege level is set to 15 but the command are limited to what you have configured on the shell authorization sets.

Have a look at the attachment

HTH, rate if it does

Narayan

mohammedmahmoud · ‎05-06-2007

Hi Narayan,

Definitely deserves rating :)

BR,

Mohammed Mahmoud.

royalblues · ‎05-18-2007

Mohammed,

Can you share your email address.

Narayan

mohammedmahmoud · ‎05-18-2007

Hi Naryan,

Sure: mmma@gawab.com, mohammedmmoustafa@gmail.com

BR,

Mohammed Mahmoud.